What to do if you clicked a suspicious link or shared your code

Mistakes happen. If you clicked a phishing link or entered credentials on a fake page, act now.

Right now

1. Change your IM Lab password from a clean device.
2. Sign out of all sessions from Security → Active sessions.
3. Reset 2FA: remove the existing method and set up a new one.
4. Run a full antivirus / malware scan on the device you used.
5. Watch your inbox for password-reset confirmations from other services — attackers often pivot to email and bank accounts.

Tip: Tell us, even if nothing seems wrong. We can monitor your account for follow-up attempts.